SCCM Tasks Deleting AD Users and Groups
I try to keep ConfigMgr, Active Directory, and DNS as clean as possible. I delete old computer accounts out of AD, I have scavenging turned on for all of my DNS zones, and I have ConfigMgr deleting obsolete/inactive/aged discovery data.

The problem is, ConfigMgr seems to be treating AD Users and Groups the same way it treats Computers. I'm not exactly sure what scheduled task is doing it, but I believe that once a week, ConfigMgr will delete almost all of the AD User and Group accounts out of the database. After this happens I lose all the packages that are advertised to users or groups. If I run the AD discovery everything comes back the way it should, but this is just annoying.

I definitely want ConfigMgr to delete obsolete/inactive/aged computer accounts. But when it comes to user accounts I want it to leave them alone (unless ConfigMgr has some kind of amazing algorithm of determining user accounts that haven't been used in x-number of days). I've seen plenty of documentation as to how ConfigMgr determines if a computer is obsolete/inactive/aged, but how does it determine if a user or group account is obsolete/inactive/aged? And how do I tell it to stop deleting user and group accounts while still maintaining the cleanup schedule for computer accounts?
August 12th, 2010 3:36am

To my knowledge, there is no such thing as an obsolete user, only obsolete computers, because this is based on the hardware ID of computer resources. How often does your AD discovery run and what is your delete inactive discovery data interval? If the former is greater than the latter, that's where your problem lies.

Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
August 12th, 2010 4:32am

Inactive Client Discovery Data, or Aged Discovery Data?

AD User Discovery = Every 1 day
AD Security Group Discovery = Every 1 day
Delete Aged Discovery Data = Delete data older than 1 day. Runs 7 days a week.
Delete Inactive Client Discovery Data = Delete data older than 30 days. Runs every Monday.
Delete Obsolete Client Discovery Data = Delete data older than 1 day. Runs 7 days a week.

We're in the middle of reimaging all of our workstations, so new computer objects are being created in ConfigMgr daily. That's why I have the Delete Aged Discovery Data and Delete Obsolete Client Discovery Data tasks set so frequently. I'm trying to keep the ConfigMgr database clear of old computer accounts.

I didn't think there was such a thing as an obsolete user either. So what task is actually deleting the user and security group data? And how do I separate the deletion of those objects from the deletion of computer objects (which I want to do as frequently as possible, for now)?
August 12th, 2010 8:22pm

I think you are running into the issue of the Delete Aged Discovery task deleting the users because you have it running too frequently. Why not set it to run every other day or set your AD user discovery to run multiple times a day?

Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
August 13th, 2010 12:31am

This topic is archived. No further replies will be accepted.
